Creating mandatory profiles and custom start menu

[ptotham]

just started playing with windows 7 and have spent ages looking around trying to find the correct working way of creating a mandatory profiles and setting a customised start menu with out using sysprep, does anyone know of a link or guide that will explain to set this up.

[Steve21]

(Disclaimer, Ninja'ing from MS document)

Step 1: Prepare the mandatory profile location

On a central file server, create a new folder or use an existing folder that you use for roaming user profiles. For example, you can use the following folder name "Profiles":

\Profiles

If you are creating a new folder, share the folder by using a name that is suitable for your organization.

Note The share permissions for shared folders that contain roaming user profiles must enable Full Control permissions for the Authenticated Users group. The share permissions for folders that are dedicated to storing mandatory user profiles should enable Read permissions for the Authenticated Users group and enable Full Control permissions for the Administrators group.

Create a new folder in the folder that is created or identified in step 1a. The name of this new folder should start with the logon name of the user account if the mandatory user profile is for a specific user. If the mandatory user profile is for more than one user, name it accordingly. For example, the following domain has a mandatory profile, and the folder name begins with the word "mandatory":

\Profiles\mandatory

Finish naming the folder by adding .v2 after the name. The example that is used in step 1c has the folder name "mandatory." Therefore, the final name of the following folder for this user is "mandatory.v2":

\Profiles\mandatory.v2

Step 2: Copy the default user profile to the mandatory profile location

Log on to the computer that has the customized local default user profile by using an account that has administrative credentials.

Click Start from the Start menu, right-click Computer, click Properties, and then click Advanced System Settings.

Under User Profiles, click Settings. The User Profiles dialog box shows a list of profiles that are stored on the computer.

Select Default Profile, and then click Copy To.

In the Copy profile to text box, type the network path of the Windows default user folder that you created in the "step 1: Prepare the mandatory profile location" section. For example, type the following path:

\\<Server_name>\Profiles\mandatory.v2

Under Permitted to use, click Change, type the name Everyone, and then click OK.

Click OK to start to copy the profile.

Log off the computer when the copying process is completed.

On the central file server, locate the folder that you created in the "step 1: Prepare the mandatory profile location" section."

Click Organize, and then click Folder options.

Click the View tab, click to select the Show hidden files and folders check box, click to clear the Hide extensions for known file types check box, click to clear the Hide protected operating system files check box, click Yes to dismiss the warning, and then click OK to apply the changes and close the dialog box.

Locate and right-click the NTUSER.DAT file, click Rename, change the name of the file to NTUSER.MAN, and then press ENTER.

Note Previously it was possible to copy profiles by using the System Control Panel item. This copy to default profile option is now disabled as it could add data that made the profile unusable.

Step3: Prepare a user account
As a domain administrator, open the Active Directory Users and Computers management console from a Windows Server 2008 R2 or Windows Server 2008 computer.

Right-click the user account to which you want to apply the mandatory user profile, and then click Properties.

Click the Profile tab, type the network path that you created in the "step 1: Prepare the mandatory profile location" section in the profile path text box. However, do not add ".v2" at the end. In our example, the path would be as follows:

\\<Server_name>\Profiles\mandatory

Click OK, and then close the Active Directory Users and Computers management console.

We recently made a new test domain in our office to play around with a few items, and this is guide I used.

If you get stuck gimme shout,

Steve

[ptotham]

thanks steve I have managed to get that to work, but their is no start menu do you know how i get the start menu and customise the start menu?

[Steve21]

Not sure if it's "best" method, but on our test server, been using folder redirection. So each user has their own start menu (or could put one in the default profile if you don't mind generic menu)

Steve

[ptotham]

we have 3 different types of user each of which will have a slightly different start menu so i suppose folder re-direction would be the best option, do you know where the start menu folder is situated so i can copy it and create and 3 different menu for the folder re-direction?

[tarquel]

ptotham... did u look at the article ive stickied on this forum board? Gives you a full outline on what to setup for Win7 and some good, established best practices for doing so etc...

also:

we have 3 different types of user each of which will have a slightly different start menu so i suppose folder re-direction would be the best option, do you know where the start menu folder is situated so i can copy it and create and 3 different menu for the folder re-direction?

you could do this by seperating them out using OU's or via WMI filtering i recon. If the different types of user always use the same machines i.e. teacher only uses teacher computer, pupil only uses pupil computer, you could assign the GPO's by Computer type OU and do it this way.

I would STRONGLY suggest having a seperate set of GPO's for win7 use, as mixing them up between Win Vista/7 and XP can produce all sorts of weirdness. Naturally, GPO's for Office 200x settings and that sort of thing can apply to both, but for OS specific stuff, its best (in my experience) to keep them seperate, and use Replace methodology where possibe.

EDIT: whoopsy, didnt notice the mandatory bit... Steve's info looks sound, but do look at that stickied article too, as it will help with some of the other stuff etc

Cheers.

[ptotham]

ptotham... did u look at the article ive stickied on this forum board? Gives you a full outline on what to setup for Win7 and some good, established best practices for doing so etc...

also:


you could do this by seperating them out using OU's or via WMI filtering i recon. If the different types of user always use the same machines i.e. teacher only uses teacher computer, pupil only uses pupil computer, you could assign the GPO's by Computer type OU and do it this way.

I would STRONGLY suggest having a seperate set of GPO's for win7 use, as mixing them up between Win Vista/7 and XP can produce all sorts of weirdness. Naturally, GPO's for Office 200x settings and that sort of thing can apply to both, but for OS specific stuff, its best (in my experience) to keep them seperate, and use Replace methodology where possibe.

EDIT: whoopsy, didnt notice the mandatory bit... Steve's info looks sound, but do look at that stickied article too, as it will help with some of the other stuff etc

Cheers.

No i didnt see that will have a look for that now, thank you.